fix: fill community PR gaps — bare excepts, print→logging, py.typed, LICENSE #344
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with AGT coverage mapping. Reference Microsoft Purview DSPM for AI as complementary data governance layer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API rejects workflows with write permissions at the workflow level. id-token: write and security-events: write must be scoped to the job level only. Restores permissions: read-all at workflow level while keeping job-level write permissions intact. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ft#324) Add Google-style docstrings with Args, Returns, Raises, Attributes, and Example sections to MCPMessageType, MCPAdapter, and MCPServer classes. Also enhances docstrings for key methods including handle_message, _handle_tools_call, _handle_resources_read, and _map_tool_to_action. Fixes microsoft#316
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
…s (dependency confusion) (microsoft#325)
- Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks; agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
- Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs) in customer-service/requirements.txt
- Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib and hashlib-compat is not a real PyPI package
…stall agent-os with agent-os-kernel Replace all remaining instances of `pip install agent-os` (unregistered on PyPI) with `pip install agent-os-kernel` (the actual package) across docs, examples, TypeScript extensions, CLI source, tests, and SVG assets. Also fixes `pip install emk` references to point to `agent-os-kernel[full]` since emk is a submodule, not a standalone PyPI package. Completes the fix started in PR microsoft#325 which only covered notebooks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
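The check these two commits apply by hand, as an added example (not code from the repository): a lint over notebook cells and requirements files that reports every name pip would resolve against a package index and that is not on a verified list. The `VERIFIED` set and all function names are assumptions, built from the package names the commit messages mention.

```python
import re

# Assumption: distribution names the team has confirmed are the intended packages.
# Constructed here from the names the commit messages above call real.
VERIFIED = {"agent-os-kernel", "zenpy", "freshdesk"}

# Options whose following token is a path or URL rather than an index name.
TAKES_VALUE = {"-e", "--editable", "-r", "--requirement", "-c", "--constraint",
               "-i", "--index-url", "--extra-index-url", "-f", "--find-links"}
PIP_INSTALL = re.compile(r"^\s*[!%]?\s*(?:python3?\s+-m\s+)?pip3?\s+install\s+(.*)$")
NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name):
    """PEP 503: names compare case-insensitively with -, _ and . equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def index_names(tokens):
    """Yield normalized names that pip would resolve against a package index."""
    skip_next = False
    for tok in tokens:
        tok = tok.strip("'\"`")
        if skip_next:
            skip_next = False
        elif tok in TAKES_VALUE:
            skip_next = True
        elif tok.startswith(("-", ".", "/")) or "://" in tok:
            continue  # option, local path or direct URL: not an index lookup
        else:
            m = NAME.match(tok)  # stops before extras, versions and markers
            if m:
                yield normalize(m.group(0))


def audit(lines, requirements_file=False):
    """Return (line_number, name) for each index-resolved name not in VERIFIED."""
    findings = []
    for no, line in enumerate(lines, 1):
        line = line.split("#", 1)[0]  # drop trailing comments
        if requirements_file:
            tokens = ["".join(line.split())]  # one requirement per line
        else:
            m = PIP_INSTALL.match(line)
            tokens = m.group(1).split() if m else []
        findings += [(no, n) for n in index_names(tokens) if n not in VERIFIED]
    return findings
```

The allowlist keeps the check offline; confirming who actually owns a name on the index is a separate step.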
Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel 24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework 7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and Google ADK (18K). Sorted by stars descending. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…LICENSE files
Address remaining items from issues microsoft#330, microsoft#331, microsoft#332, microsoft#334 that community PRs partially covered.
- Fix bare except blocks in time_travel_debugger.py, demo_client.py
- Replace print() with logging in integrity.py, promotion.py, verify.py
- Add py.typed markers for PEP 561 compliance
- Copy LICENSE to all subpackages
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🤖 AI Agent: breaking-change-detector
🔍 API Compatibility Report
Summary
This pull request primarily addresses non-functional changes such as adding missing licenses, replacing bare exception handling, and switching from
Findings
Migration Guide
Conclusion
✅ No breaking changes detected. The changes are primarily additive and improve code quality, maintainability, and compliance. However, the replacement of bare
🤖 AI Agent: docs-sync-checker
📝 Documentation Sync Report
Issues Found
Suggestions
Additional Notes
Please address the issues and suggestions above to ensure documentation and code are fully synchronized. Let me know if you need further assistance!
🤖 AI Agent: test-generator
🧪 Test Coverage Analysis
🤖 AI Agent: code-reviewer
Review Summary
This pull request addresses several issues related to code quality and compliance, including the replacement of bare excepts, the transition from print statements to logging, the addition of PEP 561 markers, and the inclusion of the MIT license in various packages. Overall, the changes are positive and contribute to better maintainability and compliance of the codebase.
Detailed Feedback
- Bare Excepts Replacement:
  - The changes to replace bare excepts with specific exception types in `time_travel_debugger.py` and `demo_client.py` are commendable. This enhances error handling and prevents unintended catches of exceptions that could mask underlying issues.
  - Action: Ensure that all similar patterns throughout the codebase are addressed to maintain consistency.
- Print to Logging Transition:
  - The transition from print statements to logging in `verify.py` is a significant improvement. Logging provides better control over output and can be configured for different environments (e.g., development vs. production).
  - Action: Consider reviewing other parts of the codebase for similar transitions to logging, ensuring that all output is handled consistently.
- PEP 561 Markers:
  - Adding `py.typed` files to `agent-compliance` and `agent-marketplace` is a good step towards improving type safety and compatibility with type checkers.
  - Action: Verify that all packages in the monorepo have appropriate type hints and markers to ensure type safety across the library.
- License Inclusion:
  - Including the MIT license in all subpackages is essential for legal compliance and clarity regarding the use of the code.
  - Action: Ensure that the license is also included in any future packages added to the repository.
- Thread Safety:
  - While the changes do not directly address thread safety, it is crucial to ensure that any logging or shared resources are managed in a thread-safe manner, especially in a concurrent execution environment.
  - Action: Review the logging setup and any shared resources to ensure they are thread-safe.
- OWASP Compliance:
  - The changes do not explicitly mention any OWASP compliance checks. It is essential to ensure that the code adheres to OWASP guidelines, especially concerning error handling and logging.
  - Action: Conduct a review of the codebase against the OWASP Agentic Top 10 to identify any potential vulnerabilities.
- Backward Compatibility:
  - The changes appear to maintain backward compatibility as they do not introduce breaking changes to the public API.
  - Action: Ensure that any future changes are carefully reviewed for potential breaking changes, especially in public-facing APIs.
Flags
- 🟡 WARNING: Ensure that all instances of bare excepts are replaced throughout the codebase to maintain consistency and improve error handling.
- 💡 SUGGESTION: Consider implementing a logging configuration that allows for different logging levels (DEBUG, INFO, WARNING, ERROR) to provide more flexibility in output.
Conclusion
This pull request makes significant strides in improving code quality and compliance. The changes are well-implemented and align with best practices. Continued attention to thread safety, OWASP compliance, and type safety will further enhance the robustness of the library.
🤖 AI Agent: security-scanner
Security Review of Pull Request
This pull request addresses several issues, including replacing bare
1. Bare Excepts Replaced with Specific Exception Types
Files Affected:
Analysis: Bare
Security Impact:
Recommendation:
2. Transition from
| Finding | Severity | Description | Recommendation |
|---|---|---|---|
| Bare excepts replaced | 🔵 LOW | Bare except blocks replaced with specific exception types. Improves error handling and reduces risk of unintended behavior. | Ensure no sensitive data is logged in time_travel_debugger.py. |
| Transition from print to logging | 🔵 LOW | Transition to logging improves maintainability and control over log levels. | Review logging statements for potential sensitive data exposure. |
| Logging in time_travel_debugger.py | 🟡 MEDIUM | Logging unvalidated data (tool_args and result) could expose sensitive information. | Sanitize data before logging to ensure no sensitive information is logged. |
| PEP 561 markers added | 🔵 LOW | Improves type safety, reducing the likelihood of type-related bugs. | Ensure type annotations are comprehensive and accurate. |
| MIT license added | No impact | Legal compliance change. | No action needed. |
Final Recommendation
- Approve with changes: The PR improves code quality and addresses some security concerns. However, ensure that logging statements in `time_travel_debugger.py` are reviewed and sanitized to prevent potential sensitive data exposure.
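One way to act on the scanner's recommendation to sanitize `tool_args` and `result` before logging, as an added example that is not code from this PR or repository: a `logging.Filter` that masks sensitive keys, escapes line breaks and truncates long strings. The key list, the length cap and every function and class name are assumptions.

```python
import logging

# Assumption: substrings that mark a key as sensitive; tune to the agent's data.
SENSITIVE_KEYS = ("password", "secret", "token", "api_key", "authorization")
MAX_LEN = 200  # assumption: cap on any single logged string


def redact(value, depth=0):
    """Return a copy of value that is safe to write to a log."""
    if depth > 5:
        return "<nested>"  # bound recursion on hostile or cyclic input
    if isinstance(value, dict):
        return {k: "<redacted>"
                if any(s in str(k).lower() for s in SENSITIVE_KEYS)
                else redact(v, depth + 1)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, depth + 1) for v in value]
    if isinstance(value, str):
        # Escape line breaks so tool output cannot forge extra log lines.
        value = value.replace("\r", "\\r").replace("\n", "\\n")
        if len(value) > MAX_LEN:
            value = value[:MAX_LEN] + "...<truncated>"
    return value


class RedactingFilter(logging.Filter):
    """Sanitize record args before any handler formats the message."""

    def filter(self, record):
        # LogRecord unwraps a single non-empty mapping argument into record.args.
        if isinstance(record.args, dict):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


def render(msg, *args):
    """Format one record as a handler would, after the filter has run."""
    record = logging.LogRecord("demo", logging.INFO, "demo.py", 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()
```

Attach the filter to the handler rather than to a logger: logger-level filters do not see records that propagate up from child loggers.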
Follow-up to address remaining items from community PRs that partially covered issues #330, #331, #332, #334.
Changes
33 files changed — mostly LICENSE copies, 3 surgical code fixes.
Closes #330, closes #331, partially closes #332, partially closes #334.